131 matches found
CVE-2008-2100
CVE-2008-2100 corresponds to VMware VIX API Multiple Buffer Overflow Vulnerabilities (VMSA-2008-0009). It affects VIX API 1.1.x before 1.1.4 build 93057 across host products (VMware Workstation 5.x/6.x, VMware Player 1.x/2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, ...
CVE-2020-3950
Mode C: CVE-2020-3950 affects VMware Fusion (11.x up to 11.5.1/11.5.2), VMware Remote Console for Mac (11.x up to 11.0.1), and Horizon Client for Mac (5.x up to 5.4.0). Root cause: improper use of setuid binaries enabling local privilege escalation from a normal user to root on systems running th...
CVE-2017-5753
CVE-2017-5753 is part of the Spectre family (Variant 1) described in the SPECTRE_MELTDOWN_ADVISORY: it involves speculative execution and a bounds-check bypass that can enable an unprivileged attacker to read privileged memory via cache timing analysis. IBM’s AIX/VIOS advisories and iFixes addres...
CVE-2025-22226
CVE-2025-22226 affects VMware ESXi, Workstation, and Fusion via an out-of-bounds read in HGFS, allowing a VM-guest with local admin rights to leak memory from the vmx host process (information disclosure). Connected sources corroborate three related VMware flaws (CVE-2025-22224, CVE-2025-22225) a...
CVE-2019-5527
CVE-2019-5527 is a use-after-free in the virtual sound device affecting VMware ESXi, Workstation, Fusion, VMRC and Horizon Client. The issue allows a local attacker with low privileges on a guest to potentially execute code on the host, with impact on confidentiality, integrity and availability d...
CVE-2013-3519
CVE-2013-3519 concerns a privilege-escalation flaw in VMware’s LGTOSYNC.SYS driver. A crafted memory allocation could allow a guest OS user to gain guest-OS privileges on 32-bit Windows guests. Affected products/versions (per VMSA-2013-0014 and associated advisories): VMware Workstation 9.x befor...
CVE-2020-3980
Summary: CVE-2020-3980 affects VMware Fusion 11.x. It is a privilege-escalation vulnerability tied to how Fusion configures the system-wide PATH, allowing a normal-privilege user to trick an admin into running malicious code on the host. The vulnerability is documented with a CVSSv3 base score up...
CVE-2021-22045
The CVE-2021-22045 vulnerability is a heap overflow in CD-ROM device emulation affecting multiple VMware products: ESXi (versions 6.5, 6.7, 7.0), Workstation (16.x up to 16.2.0), and Fusion (12.x up to 12.2.0). The underlying issue is a heap overflow in the CD-ROM device emulation, which could en...
CVE-2022-31705
CVE-2022-31705 is a heap out-of-bounds write in the USB 2.0 EHCI controller affecting VMware ESXi, Workstation, and Fusion. A local administrator within a guest VM can exploit this to execute code in the VMX process on the host; on ESXi the exploit is contained within the VMX sandbox, while on Wo...
CVE-2019-5521
CVE-2019-5521 is an out-of-bounds read vulnerability in VMware's pixel shader pipeline affecting ESXi, Workstation, and Fusion. Exploitation requires access to a VM with 3D graphics enabled and can lead to information disclosure or a host DoS; ESXi mitigations are not enabled by default, while Wo...
CVE-2020-3999
CVE-2020-3999 affects VMware ESXi (7.0 with patch ESXi70U1c-17325551), VMware Workstation (16.x before 16.0 and 15.x before 15.5.7), VMware Fusion (12.x before 12.0 and 11.x before 11.5.7) and VMware Cloud Foundation. The vulnerability is a denial of service caused by improper input validation in...
CVE-2023-20872
CVE-2023-20872 affects VMware Workstation and VMware Fusion, describing an out-of-bounds read/write vulnerability in the SCSI CD/DVD device emulation. The issue can allow a guest VM with a CD/DVD drive configured to use a virtual SCSI controller to execute code on the host hypervisor, implying po...
CVE-2021-22040
Vulnerability CVE-2021-22040 affects VMware ESXi, Workstation, and Fusion due to a use-after-free in the XHCI USB controller. The issue lets a malicious actor with local VM admin privileges execute code as the host VMX process running on the host. This is a host-level impact triggered from within...
CVE-2020-3947
Summary: CVE-2020-3947 affects VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2). The issue is a use-after vulnerability in the vmnetdhcp component that can allow a guest to impact the host. Exploitation may lead to code execution on the host from the guest or cause a...
CVE-2024-22255
CVE-2024-22255 is an information disclosure vulnerability in the UHCI USB controller affecting VMware ESXi, Workstation, and Fusion. A malicious actor with administrative access inside a guest VM can leak memory from the VMX process, potentially exposing sensitive data. The issue is documented wi...
CVE-2021-22041
CVE-2021-22041 is a double-fetch vulnerability in the UHCI USB controller affecting VMware ESXi, Workstation, and Fusion. The flaw allows a malicious actor with local VM-level administrative privileges to execute code as the VMX process running on the host, via isochronous USB endpoints. Red Hat ...
CVE-2020-4004
CVE-2020-4004 is a use-after-free in the XHCI USB controller affecting VMware ESXi (7.0 before ESXi70U1b-17168206; 6.7 before ESXi670-202011101-SG; 6.5 before ESXi650-202011301-SG), VMware Workstation (15.x before 15.5.7), and VMware Fusion (11.x before 11.5.7). The underlying issue allows a mali...
CVE-2017-4901
The CVE-2017-4901 entry relates to VMware Workstation 12.x (before 12.5.4) and VMware Fusion 8.x (before 8.5.5), where the drag-and-drop (DnD) function has an out-of-bounds memory access vulnerability. The cited sources describe a potential for a guest operating system to execute code on the host...
CVE-2023-20869
CVE-2023-20869 is a stack-based buffer overflow in VMware Workstation 17.x and VMware Fusion 13.x related to sharing host Bluetooth devices with the VM. Public reports and Vulners-derived references confirm this vulnerability, which can allow a local attacker with VM-level privileges to execute c...
CVE-2021-22043
CVE-2021-22043 affects VMware ESXi. It is a TOCTOU vulnerability in how temporary files are handled by the settingsd service, enabling a user with access to settingsd to escalate privileges by writing arbitrary files. The issue is discussed alongside related flaws (CVE-2021-22040/22041/22042/2205...
CVE-2024-22252
Summary of CVE-2024-22252 : VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges inside a VM can exploit this to execute code as the VMX process on the host; on ESXi the effect is contained w...
CVE-2018-6974
CVE-2018-6974 describes an out-of-bounds read in the SVGA device affecting VMware ESXi (various older builds), VMware Workstation (14.x before 14.1.3), and VMware Fusion (10.x before 10.1.3). The issue could allow a guest to execute code on the host due to SVGA parsing/reading flaws. Affected pro...
CVE-2017-4924
CVE-2017-4924 is a VMware SVGA out-of-bounds write vulnerability that can allow a guest VM to execute code on the host. Affected products and versions (per provided docs): ESXi 6.5 prior to patch ESXi650-201707101-SG; VMware Workstation 12.x prior to 12.5.7; VMware Fusion 8.x prior to 8.5.8. The ...
CVE-2023-20871
Summary (CVE-2023-20871) VMware Fusion contains a local privilege escalation flaw. A user with read/write access to the host OS can elevate privileges to gain root on the host. The vulnerability is characterized as an “Important” issue affecting Fusion (and related VMware blurbs note it as part o...
CVE-2020-3974
CVE-2020-3974 affects VMware Fusion 11.x (pre-11.5.5), VMware Remote Console for Mac 11.x (pre-11.2.0), and Horizon Client for Mac 5.x (pre-5.4.3). It is a local privilege-escalation due to improper XPC Client validation, allowing a normal-privilege user to gain root access. Exploitation requires...
CVE-2024-22251
VMware Workstation and Fusion contain an out-of-bounds read in the USB CCID (chip card interface device). A malicious actor with local administrative privileges inside a VM may trigger an out-of-bounds read, leading to information disclosure. Publicly documented impact and remediation are tied to...
CVE-2020-3981
CVE-2020-3981 affects VMware products (ESXi, Workstation, Fusion) with an out-of-bounds read caused by a TOCTOU in the ACPI device. An attacker with VM-level admin access can leak memory from the vmx process. CVE-2020-3982 is a related out-of-bounds write in the same ACPI TOCTOU path, potentially...
CVE-2018-6973
CVE-2018-6973 affects VMware Workstation 14.x prior to 14.1.3 and VMware Fusion 10.x prior to 10.1.3. The vulnerability is an out-of-bounds write in the e1000 device that may allow a guest to execute code on the host. ZDI notes that exploitation requires the attacker to run code on the guest (loc...
CVE-2018-6981
CVE-2018-6981 describes an uninitialized stack memory issue in the vmxnet3 virtual network adapter that could allow a guest to execute code on the host. Affected VMware products include ESXi 6.7 (without ESXi670-201811401-BG), ESXi 6.5 (without ESXi650-201811301-BG), ESXi 6.0 (without ESXi600-201...
CVE-2013-1406
CVE-2013-1406 affects VMware VMCI in vmci.sys across VMware Workstation (8.x before 8.0.5; 9.x before 9.0.1), VMware Fusion (4.1 before 4.1.4; 5.0 before 5.0.2), VMware View (4.x before 4.6.2; 5.x before 5.1.2), VMware ESXi/ESX (4.0–5.1). Root cause: improper restriction of memory allocation by V...
CVE-2019-5519
CVE-2019-5519 describes a TOCTOU vulnerability in the virtual USB 1.1 UHCI on VMware products. A guest VM with a virtual USB controller can potentially execute code on the host. Affected: VMware ESXi (various 6.x versions), Workstation (14.x/15.x), and Fusion (10.x/11.x) before the patched builds...
CVE-2024-22253
CVE-2024-22253 is a use-after-free in the UHCI USB controller affecting VMware ESXi, Workstation, and Fusion. A malicious actor with local VM admin privileges can exploit it to execute code as the VMX process on the host; on ESXi this is contained within the VMX sandbox, while Workstation/Fusion ...
CVE-2019-5518
CVE-2019-5518 concerns an out-of-bounds read/write in the virtual USB 1.1 UHCI for VMware products. A guest VM with a virtual USB controller can potentially execute code on the host. Affected: VMware ESXi (6.0/6.5/6.7), Workstation (14.x/15.x), and Fusion (10.x/11.x). Root cause: out-of-bounds ac...
CVE-2018-6957
CVE-2018-6957 affects VMware Workstation Pro/Player (14.x prior to 14.1.1; 12.x) and VMware Fusion (10.x prior to 10.1.1 and 8.x). The vulnerability is a denial-of-service that can be triggered by opening a large number of VNC sessions; exploitation requires VNC to be manually enabled. Public-fac...
CVE-2017-4941
CVE-2017-4941 affects VMware products: ESXi 6.0 (pre-ESXi600-201711101-SG) and ESXi 5.5 (pre-ESXi550-201709101-SG); Workstation 12.x (pre-12.5.8); and Fusion 8.x (pre-8.5.9). The vulnerability is a stack overflow in the remote management function triggered by a specific set of VNC packets, which ...
CVE-2009-1244
CVE-2009-1244 is a VMware-hosted products issue where a guest OS could execute code on the host via the virtual machine display function. Affected products include VMware Server/Player/Workstation and related hosted ESX/ESXi components (as described in the CVE record). The root cause is described...
CVE-2015-6933
CVE-2015-6933 affects VMware Tools HGFS across VMware Workstation (11.x prior to 11.1.2), VMware Player (7.x prior to 7.1.2), VMware Fusion (7.x prior to 7.1.2), and VMware ESXi (5.0–6.0). Root cause: HGFS/shared folders component vulnerability leading to guest OS privilege escalation or guest ke...
CVE-2017-4905
CVE-2017-4905 affects VMware ESXi (multiple versions) and VMware Workstation/Fusion up to specific builds, caused by uninitialized memory usage that could leak information. Connected documents provide concrete details: affected products/versions, the root cause (uninitialized memory), and impact ...
CVE-2018-6982
CVE-2018-6982 affects VMware ESXi 6.5 and 6.7 (and related VMware products) due to uninitialized stack memory usage in the vmxnet3 virtual network adapter, which may leak information from host to guest when vmxnet3 is enabled. The Connected documents corroborate that ESXi 6.7 requires ESXi670-201...
CVE-2019-5514
CVE-2019-5514 is a VMware Fusion vulnerability where unauthenticated APIs accessible through a web socket can be abused to trick the host user into running JavaScript on the guest via VMware Tools, potentially enabling commands on the guest. Affected product: VMware Fusion 11.x prior to 11.0.3. M...
CVE-2017-4945
CVE-2017-4945 affects VMware Workstation (14.x, 12.x), Fusion (10.x, 8.x) and VMware Tools. Root cause: guest access control weakness that may allow code execution via Unity on locked Windows VMs. Affected components/versions: VMware Tools prior to 10.2.0; Tools 10.2.0 fixes this issue and is pac...
CVE-2023-34044
CVE-2023-34044 is an out-of-bounds read vulnerability in VMware Workstation 17.x before 17.5 and VMware Fusion 13.x before 13.5, in the Bluetooth host-device sharing function. A local attacker with VM privileges can read sensitive information from hypervisor memory. No exploit details are provide...
CVE-2009-2267
CVE-2009-2267 affects VMware products (Workstation, Player, ACE, Server, Fusion, ESXi/ESX) where Virtual-8086 mode is used. The root cause is an improper setting of the exception code on a page fault (#PF), allowing guest OS users to gain privileges on the guest OS by supplying a crafted value fo...
CVE-2024-38811
VMware Fusion for macOS versions 13.x before 13.6 contains a code‑execution vulnerability due to insecure handling of an environment variable. The root cause is an insecure environment variable usage inside the Fusion application, which could allow a local attacker with standard user privileges t...
CVE-2024-22273
CVE-2024-22273 affects VMware ESXi, Workstation, and Fusion storage controllers, with an out-of-bounds read/write flaw that may let a VM-adjacent attacker cause a denial of service or, in conjunction with other issues, execute code on the hypervisor. Exploitation is described as local (requires a...
CVE-2018-6972
Summary of CVE-2018-6972 details from provided documents : VMware products — ESXi (versions listed as affected before certain update bundles), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) — are affected by a denial-of-service vulnerability due to a NULL pointer dereference in...
CVE-2020-3963
CVE-2020-3963 affects VMware ESXi (7.0 pre-7.0.0-1.20.16321839; 6.7 pre-670-202006401-SG; 6.5 pre-650-202005401-SG), Workstation 15.x pre-15.5.2, and Fusion 11.x pre-11.5.2 with a use-after-free in PVNVRAM that could allow a local attacker with VM access to read privileged memory. VMware’s VMSA-2...
CVE-2015-1043
Affected products and component: VMware HGFS in Workstation 10.x (before 10.0.5), VMware Player 6.x (before 6.0.5), and VMware Fusion 6.x (before 6.0.5) and 7.x (before 7.0.1). Vulnerability and impact: HGFS input validation flaw that allows guest OS users to cause a guest OS denial of service. T...
CVE-2020-3964
CVE-2020-3964 is an information-leak vulnerability in the EHCI USB controller affecting VMware products. A local attacker with access to a guest VM can read privileged information from the hypervisor memory, under conditions described by VMware and Red Hat/CNVD disclosures. Affected are: ESXi 7.0...
CVE-2020-3965
CVE-2020-3965 affects VMware ESXi, Workstation, and Fusion, describing an information-leak in the XHCI USB controller that could let a local VM attacker read privileged information from hypervisor memory. Affected: ESXi 7.0 (pre-1.20.16321839), 6.7 (pre-670-202006401-SG), 6.5 (pre-650-202005401-S...